1. Field of the Invention
Embodiments of the present invention relate generally to a method and apparatus for providing authentication between a device and computer resources.
2. Description of the Related Art
The rapid proliferation of cloud computing services has created a situation in which users must first authenticate with a cloud service provider before gaining access to computing resources operated by that provider, and those resources themselves mandate submission of user credentials as part of an operating system login sequence. This requires repetitive login operations that are both inefficient and annoying to users. Authentication frameworks such as OAuth provide ‘valet’ tokens that enable Internet service providers to offer customers the conveniences of User ID, password and single sign-on services that leverage the security infrastructure of other well-established service providers such as Google or Amazon. However, no such framework is designed for resubmission of user credentials to computing resources for seamless sign-on while also addressing the specific security concerns that arise when a service provider provides connection broker and computing services, such as Desktop-as-a-Service (DaaS) or published application services, that may be under directory management of a separate entity such as a corporate enterprise. Such security concerns arise when a connection broker is enabled to store or extract user credentials, which might allow a rogue connection broker to be inserted in the authentication process. Additional security concerns arise if a computing resource, such as a remote desktop, is enabled to store unencrypted user credentials that expose the computing resource to password mining attacks.
Therefore, there is a need in the art for a secure method and apparatus for providing single sign-on for a computing resource.